Blushing and with a bowed head I join the row of victims here. Although skeptical, I double-clicked a script-file in an e-mail attachment apparently from the post office. Nothing happened except that my hard disk started working intensely. I became worried and shut down my computer after a minute. I started the computer again shortly after and immediately saw a ransom message; all I remember was something like “Your files have been encrypted…” and “Cryptolocker”. I pressed the off-button and held it down till everything was quiet and the screen black.
In total, the computer was running for some two minutes in two sessions with the ransomware. I wonder if the ransomware managed to finish its work in that time, and if there is something I should do before booting up the computer again. I obviously do not want the process to continue and finish what it started.
Supposing encrypting was not finished, what about booting in safe mode? Malwarebytes Anti-Malware is already installed on that computer, but unfortunately, it is the free version, which does not block ransomware. It should be able to clean ransomware that is already on the computer, though.
Or what about using boot disks? It has been suggested that boot disks may clean the computer without starting the operating system.
A Live Linux boot disk will let me inspect the folders and files to evaluate the extent of damage – as far as I understand. It would also allow me to copy an encrypted file and a ransom letter to send to ID Ransomware.
Another possibility could be to take out the disk and mount it from another PC – to see how much is encrypted.
My PC was a fairly good gaming PC some four years ago - and still is: eight-core processor, etc. Windows 7. One SSD and one classic HD. There are some 20.000 jpg-files on the HD.
There are a couple of other posts from people who were quick to turn off their PC, e.g.:
(post # 98, dated 27 November 2014)
Any suggestions on what to do before I start my infected computer?
Thanks in advance.
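Not part of the original post: an added sketch of the Live Linux inspection idea mentioned above, assuming the Windows volume is mounted read-only and that an untouched photo still begins with the JPEG signature FF D8 FF. The function names, the sample tree and the `.encrypted` suffix are constructed for illustration.

```python
import os
import sys
import tempfile

JPEG_MAGIC = b"\xff\xd8\xff"      # start-of-image marker that opens every JPEG
JPEG_EXTS = (".jpg", ".jpeg")

def classify(path):
    """Return 'intact', 'altered' or 'unreadable' for a file named like a JPEG."""
    try:
        with open(path, "rb") as fh:          # read-only access to the mounted disk
            head = fh.read(len(JPEG_MAGIC))
    except OSError:
        return "unreadable"
    return "intact" if head == JPEG_MAGIC else "altered"

def survey(root):
    """Count JPEG-named files under root by header state; list the suspicious ones."""
    counts = {"intact": 0, "altered": 0, "unreadable": 0, "extra_suffix": 0}
    suspicious = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower, full = name.lower(), os.path.join(dirpath, name)
            if lower.endswith(JPEG_EXTS):
                state = classify(full)
                counts[state] += 1
                if state != "intact":
                    suspicious.append(full)
            elif any(ext + "." in lower for ext in JPEG_EXTS):
                # photo.jpg.<suffix>: some ransomware renames what it encrypts
                counts["extra_suffix"] += 1
                suspicious.append(full)
    return counts, sorted(suspicious)

def build_sample(root):
    """Constructed test tree: 3 intact photos, 2 overwritten, 1 renamed."""
    os.makedirs(os.path.join(root, "holiday"))
    for i in range(3):
        with open(os.path.join(root, "holiday", f"ok{i}.jpg"), "wb") as fh:
            fh.write(JPEG_MAGIC + b"\xe0" + bytes(64))
    for name in ("a.JPG", "b.jpeg", "c.jpg.encrypted"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"\x13\x37" * 32)        # constructed stand-in for ciphertext
    return root

if __name__ == "__main__":
    # Pass the mount point of the read-only volume; without one, use the sample.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    counts, suspicious = survey(root)
    print(counts)
    print("\n".join(suspicious[:20]))
```

A file that still opens with the JPEG signature can be damaged further in, so the intact count is an upper bound on what survived.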